The present invention relates to a method and apparatus for securing and conducting financial transactions from remote locations, in which there is communication between the remote location and off-site transaction recording or processing locations.
Various techniques have been developed for maintaining security and secrecy of remotely conducted financial transactions. Such techniques commonly rely on the use of secret passwords, which typically are called personal identification numbers, or PINs. In a transaction, the PIN generally is used in conjunction with a second form of identification which is physically scanned by a reading device.
One known technique for remote transactions are bank automatic teller machines ("ATMs") and electronic fund transfer at point-of-sale terminals ("EFT-POS" terminals). Typical ATMs and EFT-POS terminals require the user to insert a card containing an encoded magnetic strip. Information is read from the magnetic strip. For example, Track 1 information may be read, including the user's name, account number, card validation value ("CVV") and expiration date. In addition, the user typically is required to input a PIN in order to commence any transactions. The PIN typically is assigned by a registering institution, such as a bank or credit card company. In one approach, the registering institution assigns the PIN to the user. In other approaches, the user is able to self-select a PIN. In a self-selection system, the user can personally visit the registering institution and make the selection there. The automatic teller machine typically is at location removed from the user's home.
ATM and EFT-POS networks are also known. One such network is described in the ANSI X9.24 standard. In such a network, ATM (or EFT-POS) machines from different financial institutions are connected through a central processing institution. Using such networks, for example, a user with an account at a particular bank may conduct financial transactions, such as bank account withdrawals, from a different bank. Such networks are widely known and have such trade names as "NYCE", "PLUS" and "CIRRUS". In a typical network, the ATMs of one bank are connected to a data processing unit of that bank. Other banks connected to the network have similar ATM arrangements. The data processing units of each bank on the network are in turn connected to a central processing institution. The central processing institution thereby acts as a router or a financial network switch sending transaction requests to the appropriate bank on the network.
ATM systems have been subject to various forms of hostile attack. For example, the PINs are accessible because users must input them into the system by the user in an unencrypted form. Although the ATM terminals typically encrypt the PINs before transmitting them from the terminals over the ATM network, they typically use one encryption key for multiple PINs. Thus, they also have been subject to dictionary attack in which a known PIN is used as an attack base. When the known encrypted PIN is intercepted by a monitor (such as by detecting the associated unencrypted account information), and when an identical encrypted PIN is intercepted (corresponding to a different account), then the PIN for that account is known because the same encryption key is used.
Various techniques are known for selecting and encrypting the PIN from a remote site, rather than in person at the registering institution. A paper encryption system is described in U.S. Pat. Nos. 4,870,683 and 4,885,779. Using the paper encryption system the user may select and encrypt the PIN at home and then mail it to the registering institution. The user also may transmit the encrypted PIN to the registering institution over the telephone lines. In another known technique for selecting and encrypting a PIN at a remote site, the user communicates with the encryption system electronically (such as via modem communication) and sends an identifier and receives back an encrypted identifier. Such a system is described in commonly-assigned co-pending U.S. patent application Ser. No. 08/029,833.
Various unsecured at-home purchasing systems are known. One such system is television home shopping. Typical television home shopping systems include the QVC network and the Home Shopping Channel. In such television home shopping systems, broadcast programming is received by a television receiver. The programming typically includes a description of the product being sold, a video display, a price and ordering instructions. Typically, the user is provided a toll-free telephone number, such as an "800" number to call for placing an order. The user may order using a credit card in which various information must be given to the order taker. Such a system is unsecured because the telephone lines are subject to hostile attack, such as by monitors or eavesdroppers. Likewise, the credit card information is not encrypted, so the attackers may obtain information, either through the telephone lines or at the order receiving facility.
Other kinds of television services offer unsecured interactive ordering through a television receiver. One such service commonly is offered in hotels for remote check-out processing from the hotel room. In such a service, the hotel guest is offered various check-out options on the in-room television receiver. For example, the guest may be offered various options, including reviewing charges to the room, such as meal, daily board and telephone fees, and automatic check-out without personally visiting the registration services desk in the hotel's lobby. The options are offered in a menu system appearing on the television screen typically through a cable. The guest scrolls through the menus and selections using a remote control device, such as a typical television infra-red hand-held controller. Likewise, the different menu options are selected using the hand-held controller. Such a system does not enable payment directly through the television. Typically the hotel receives pre-payment, such as by presentation of a credit card (and optionally additional identification) upon check-in registration at the front desk. In addition, the system is subject to hostile attack through intercepting the television signal, such as through the cable system, and through access to the hotel records pertaining to guest credit card information.
Another interactive television ordering system is used for ordering or blocking pay-per-view movies. One such pay-per-view service, such as offered in hotel rooms, gives the user a selection of various movies to request (while the fee is added to the hotel bill), as well as the option to block out certain movies or all pay-per-view selections. As with the check-out system, the user may use a typical hand-held television or VCR remote control to scroll through the menus and make selections. Again payment may not be made directly by the user. Instead, the fees are added to the hotel or cable bill. Like the check-out system, this movie ordering system is subject to hostile attack.
Computer bulletin board services provide another form of at-home purchasing. One such service is Compuserve, 5000 Arlington Centre Blvd., P.O. Box 20212, Columbus, Ohio 43220. In such systems, the user typically communicates to a remote computer system from a personal computer. A modem typically is used to initiate a telephone contact between the remote computer and the bulletin board system. The user may have the option of browsing various services and products offered for sale. Payment typically is made by credit card or by check through the mail. Such a system is subject to hostile attack, such as through telephone eavesdroppers and monitors, monitors with direct access to the bulletin board computer, hacker attack from off-site locations, or through access to the mail.